A Foxpass VPN running on AWS.

Foxpass - VPN

This repo contains a Terraform project that sets up an Ubuntu-based VM built by Foxpass to use with their services. The result is a VPN server (with DNS and a static IP) that users can connect to with their Google/Office365 credentials.


File breakdown



1. Enable usage of AMI

This project uses the prebuilt AMIs (source) from Foxpass. You must accept these terms and conditions; otherwise AWS will not allow you to launch an instance.

While logged in to the target AWS account:

2. Clone this repository:

# Note: The following command is using HTTPS. You can use SSH.
git clone

3. Populate file

cp terraform.tfvars.example terraform.tfvars

Edit using your preferred editor using the example below as a guide.

Variables explanation

dns_primary / dns_secondary

Can optionally be changed to your desired DNS provider


If you want to create a domain name that points to the public IP address of the VPN, set the domain name here. Once Terraform has run, it will output a set of DNS name servers that you can point your domain/subdomain at using an NS record.


This must be set for the server to be able to authenticate users. Your Foxpass admin can create a new API key here ->


This is the first-layer shared password that all users must enter before entering their user credentials. It should be a long, secure password.


An SSH public key used to SSH into the VM for maintenance purposes: guide

4. Initialize Terraform

The sets up and configures Terraform to save its internal state remotely in AWS.

There are 2 options available:

  • Comment out this entire file (Warning: Will result in changes only being possible from your current machine)
  • Configure and bootstrap the state file (instructions included below)

When running in a new account

  • Comment out the backend block in the (this is to bootstrap the initial run)
  • Rename the 2 usages of the bucket name foxpass-vpn-project-state to something unique
terraform {
  required_version = "~> 0.12.0"

//  backend "s3" {
//    //    dynamodb_table = "not used see if you want to enable"
//    bucket  = "foxpass-vpn-project-state"
//    encrypt = true
//    region  = "eu-west-2"
//    key     = "terrafrom/state/v2/global"
//  }
}

# Download dependencies and set up state 
terraform init
# show and run setup (this step requires the user to type `yes` midway through)
terraform apply

Terraform should now output the DNS name server addresses as well as the public IP that can be used for the VPN, like so (yours will differ):


dns_nameservers = [
instance_ip_address =

When running in a new account and using remote state

  • Uncomment the backend block that we previously commented out
  • Rerun terraform init and answer yes when prompted to migrate the state
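
Values from terraform.tfvars that reach resource arguments, such as the API key and the shared password, are written to Terraform state in plain text, so the state bucket needs the same protection as those secrets. One way to declare such a bucket, as an added example that is not this project's own code; the resource names and the bucket name are placeholders, and the inline versioning and encryption blocks assume the AWS provider 2.x/3.x syntax that was current for Terraform 0.12:

```hcl
# Added example (not this project's code). Names are placeholders.
resource "aws_s3_bucket" "terraform_state" {
  bucket = "REPLACE-WITH-UNIQUE-STATE-BUCKET-NAME" # placeholder
  acl    = "private"

  # Keep earlier state versions so a bad apply or a deletion can be rolled back.
  versioning {
    enabled = true
  }

  # Encrypt state objects at rest by default (pairs with `encrypt = true` in the backend).
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # Guard against an accidental `terraform destroy` of the state bucket.
  lifecycle {
    prevent_destroy = true
  }
}

# Reject any public ACL or public bucket policy on the state bucket.
resource "aws_s3_bucket_public_access_block" "terraform_state" {
  bucket                  = aws_s3_bucket.terraform_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Deny every request to the bucket that is not made over TLS.
resource "aws_s3_bucket_policy" "terraform_state_tls_only" {
  bucket     = aws_s3_bucket.terraform_state.id
  depends_on = [aws_s3_bucket_public_access_block.terraform_state]
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.terraform_state.arn, "${aws_s3_bucket.terraform_state.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
}
```

The `depends_on` serialises the two bucket-level API calls, which S3 can otherwise reject as conflicting when they are issued at the same time.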


PRs are welcome! Please open an issue before submitting any large changes.
